Following commit fixes code injection issue in Mercurial:
Detailed description of the attack vector is available here:
Created mercurial tracking bugs for this issue:
Affects: fedora-all [bug 1204811]
Red Hat Product Security has rated this issue as having moderate security impact. This issue is not currently planned to be addressed in future updates.